[Fed-Talk] Re: PKINIT and Apple Login
[Fed-Talk] Re: PKINIT and Apple Login
- Subject: [Fed-Talk] Re: PKINIT and Apple Login
- From: Shawn Geddis <email@hidden>
- Date: Mon, 27 Feb 2006 10:31:50 -0500
On Feb 14, 2006, at 4:40 PM, Paul Nelson wrote:
Shawn,
If I have a Macintosh properly configured for using a CAC card,
will the login process get me a Kerberos TGT using the keys on the
CAC?
We've noticed that Apple has added some PKINIT support to their
Kerberos source code. Any idea how to make use of this?
Paul Nelson
Thursby Software Systems, Inc.
Paul,
Currently, there is no User/Admin/Developer access to the PKINIT code
you have referenced on the list. That would mean that the current
release would not allow you to directly get a Kerberos TGT using the
keys on the CAC as you asked. I believe you will find that there are
approaches to acquiring TGT / Service Tickets outside of PKINIT
directly -- however, it is not the exact implementation right now
that you are looking for.
- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division (Public & Private Sector)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden